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AUTHORIZATION TO DEBIT DEPOSIT ACCOUNT 

It is not believed that extensions of time are required, beyond those, which may 
otherwise be provided for in documents accompanying this paper. However, in the 
event that additional extensions of time are necessary to allow consideration of this 
paper, such extensions are hereby petitioned under 37 C.F.R. §1 .136(a), and any fees 
required therefor are hereby authorized to be charged to Hewlett-Packard Company's 
Deposit Account No 08-2025. 
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I. REAL PARTY-TN-INTEREST 

The real party-in-interest is the assignee, Hewlett-Packard Development 
Corporation. An assignment to Hewlett-Packard Company was recorded April 10, 2000 
on reel/frame number: 010757/0956. An assignment from the Hewlett-Packard 
Company to the Hewlett-Packard Development Corporation was recorded 
September 30, 2003 on reel/frame number: 014061/0492. 

II. RELATED APPEALS AND INTERFERENCES 

There are no known related appeals or interferences. 

III. STATUS OF CLAIMS 

Claims 1-40 stand finally rejected. No claims have been allowed. The final 
rejection of claims 1 -40 is appealed. For the reasons set forth below, Appellants 
respectfully request that the rejections be overturned. 

IV. STATUS OF AMENDMENTS 

No amendments have been submitted after the FINAL Office Action, and all 
amendments submitted prior to that have been entered. The claims in the attached 
Appendix reflect the present state of pending claims 1-40. 

The final rejection of claims 1-40 is appealed. 

V. SUMMARY OF THE INVENTION 

Appellants' independent claims 1, 1 1, and 21 identify a system, method, and 
computer-readable medium, respectively for establishing a secure execution 
environment for a software process. A system (100) establishes a secure execution 
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environment for a software process (108) executed by a program (111) operating on a 
computer (101). The system (100) comprises a software process (108), an operating 
system kernel (127), and a system call trap (300).. The software process (108) operates 
on a computer (1 01) and includes a plurality of attributes (1 14). The operating system 
kernel (127) is in communication with the software process (108) and an executable 
file (136) accessed by the software process (108). The system call trap (300) assigns a 
selected plurality (225) of the attributes to the software process (108). The selected 
plurality of attributes (225) are stored in association with said executable file (136). 

A method for establishing a secure execution environment for a software 
process (108) executed by a program (111) operating on a computer (101) comprises 
operating a software process (1 08) including a plurality of attributes (114), executing an 
operating system kernel (127) in communication with said software process (108), and 
assigning a selected plurality (225) of said attributes to the software process (108). The 
operating system kernel (127) communicates with an executable file (136) to be 
accessed by software process (108). The selected plurality of attributes (225) are stored 
in association with the executable file (136). 

A computer readable medium having a program for establishing a secure 
execution environment for a software process (108) executed by a program (111) 
operating on a computer (101). The program (1 1 1) includes logic configured to operate 
a software process (108) on the computer (101). The software process (108) includes a 
plurality of attributes (1 14). The program (1 1 1) also includes logic configured to 
execute an operating system kernel (127) in communication with said software 
process (108). The operating system kernel (127) is also in communication with an 
executable file (136) to be accessed by said software process (108). The program (1 1 1) 
further includes logic configured to modify the plurality of attributes (114) for the 
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software process (108) based on an executable environment attribute (225) stored in 
association with the executable file (136). 



VI. ISSUES 

The issues on appeal are as follows: 

A. Whether rejected claims 1-30 are unpatentable under 35 U.S.C. §103(a) 
over U.S. Patent Number 6,289,462 to McNabb et al. in view of U.S. Patent 5,784,463 
to Chen et all 

B. Whether rejected claims 3 1-40 are unpatentable under 35 U.S.C. §103(a) 
over U.S. Patent Number 6,289,462 to McNabb et al. and U.S. Patent 5,784,463 to Chen 
et al. in view of U.S. Patent 5,560,008 to Johnson et all 

VII. GROUPING OF CLAIMS 

Appellants have grouped the pending claims 1-40 into the following three (3) 
distinct claim groups: 

Group A: Claims 1 - 1 0, and 3 1 -3 3 ; 
Group B: Claims 1 1-20, and 34-37; 
Group C: Claims 21-30, and 38-40 

As explained below, each of the claims within the separate claim groups 
covers a distinct scope of the Appellants' systems and methods. 

A. Claims 1 - 1 0, and 3 1 -33 stand or fall as a group (Group A) with respect 

to the rejection of claims 1-30 over U.S. Patent Number 6,289,462 to McNabb et al. 

(the '462 patent) in view of U.S. Patent 5,784,463 to Chen et al. (the '463 patent) and 

with respect to the rejection of claims 3 1-40 over the '462 and '463 patents in further 
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view of U.S. Patent Number 5,560,008 to Johnson et al. (the '008 patent) for at least the 
reason that the proposed combinations fail to disclose, teach, or suggest each element 
recited in independent system claim 1 . Specifically, the cited art references fail to 
disclose, teach, or suggest a system for establishing a secure execution environment for 
a software process executed by a program operating on a computer that includes "a 
system call trap associated with said operating system kernel . . . configured to modify 
the plurality of attributes for the software process based on an executable environment 
attribute stored in association with said executable file." This element is distinct from 
the elements of the remaining claim groups. Therefore, claims 1-10, and 31-33 stand 
or fall independent of the claims of the other claim groups. 

B. Claims 1 1-20, and 34-37 stand or fall as a group (Group B) with respect 
to the rejection of claims 1-30 over the '462 and '463 patents and with respect to the 
rejection of claims 31-40 over the '462 and '463 patents in further view of the '008 
patent for at least the reason that the proposed combinations fail to disclose, teach, or 
suggest each element recited in independent method claim 11. Specifically, the cited art 
references fail to disclose, teach, or suggest a method for establishing a secure execution 
environment for a software process executed by a program operating on a computer that 
includes "modifying the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file." This 
element is distinct from the elements of the remaining claim groups. Therefore, claims 
1 1-20, and 34-37 stand or fall independent of the claims of the other claim groups. 

C. Claims 21-30, and 38-40 stand or fall as a group (Group C) with respect 
to the rejection claims 1-30 over the '462 and '463 patents and with respect to the 
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rejection of claims 31-40 over the '462 and '463 patents in further view of the '008 
patent for at least the reason that the proposed combinations fail to disclose, teach, or 
suggest each element recited in independent computer-readable medium claim 21 . 
Specifically, the cited art references fail to disclose, teach, or suggest a computer- 
readable medium having a program configured to establishing a secure execution 
environment for a software process executed by a program operating on a computer that 
includes logic configured to modify "the plurality of attributes for the software process 
based on an executable environment attribute stored in association with the executable 
file." This element is distinct from the elements of the remaining claim groups. 
Therefore, claims 21-30 and 38-40 stand or fall independent of the claims of the other 
claim groups. 

VIII. THE ARGUMENT 

The Appellants respectfully request that the Board overturn the rejection of 
claims 1-40 for at least the reasons discussed below. 

Appellants respectfully submit that the rejection of claims 1 -40 under § 1 03 
should be withdrawn for any of the following reasons, each of which are separately 
discussed below: 

(1) the '463 patent cannot be used as a basis for this 
rejection because it is improper non-analogous prior art that 
cannot legally be relied on for a rejection under 35 U.S.C. 
§103; 

(2) the Office Action fails to establish a prima facie case 
of obviousness because, even assuming for the sake of 
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argument that the '463 patent can be relied on as a basis for a 

rejection under §103, the Examiner has not established the 

proper suggestion or motivation to combine the 6 462 patent 

and the '463 patent in the manner suggested; and 

(3) the Office Action fails to establish a prima facie case 

of obviousness because, even assuming for the sake of 

argument that the 4 463 patent is proper analogous art AND a 

proper suggestion or motivation to combine has been 

established, the combined teachings of the '462 patent and 

the '463 patent do not teach all of the claim limitations. 

I. The Rejection of Claims 1-40 is Legally Deficient Because the '463 Patent 
Cannot Be Used as a Basis for a Rejection Under 35 U.S.C. §103 Because 
the ' 463 Patent is Nonanalogous Prior Art 

Appellants respectfully submit that the rejection of claims 1-40 is improper, and 
therefore should be withdrawn and the claims be allowed, because the '463 patent is 
improper "nonanalogous art" that may not legally be relied upon to support a prima 
facie case of obviousness. In order to rely on a reference, as a basis for supporting a 
rejection of an applicant's invention, the reference must be analogous art. In other 
words, the reference must be either in the field of applicant's endeavor or, if not, then be 
reasonably pertinent to the particular problem with which the inventor was concerned. 
MPEP §214L01(a); See, In re Oetiker, 977 F.2d 1443, 1446, 24 USPQ2d 1443, 1445 
(Fed. Cir. 1992); In re Deminski, 796 F.2d 436, 230 USPQ 313 (Fed. Cir. 1986); In re 
Clay, 966 F.2d 656, 659, 23 USPQ2d 1058, 1060-61 (Fed. Cir. 1992); Wang 
Laboratories Inc. v. Toshiba Corp., 993 F.2d 858, 26 USPQ2d 1767 (Fed. Cir. 1993.). 
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The '462 patent relates to a trusted compartmentalized computer operating 
system (O/S) on a web server for controlling access to the execution of the software 
processes. The trusted O/S provides an added layer of security in two ways: by 
attaching additional security attributes to each of the O/S components (e.g., files, 
processes, data packets); and by extending the security checks to use the new attributes. 
Col. 9, 11. 5-10. When a process makes a request to "call" or "execute" a program stored 
in a file, the O/S compares the attributes of the process to the attributes of the file where 
the program is stored, to see if the process will be allowed to run the program. The 
additional security attributes (e.g., "sensitivity label") are used by the O/S to allow 
greater control over which programs are available. For example, the trusted O/S 
includes an "authorization database" that is used to see if the user running the process 
can access or execute the requested program. Col. 9, 11. 40-50. Therefore, the '462 
patent is mainly related to the field of O/S functionality and the problems associated 
with securely controlling access to software processes to be executed via the O/S. 

Unlike the '462 patent, the '463 patent is completely unrelated to the field of 
O/S functionality. Rather, the '463 patent relates to a process for authenticating users 
(e.g., clients 10) that attempt to gain access to an application server 25 over a 
communications network 5. The authentication process of the '463 patent involves a 
very specific implementation of a public/private key cryptosystem. Col. 2, 11 52-56. 
The authentication process of the '463 patent involves an authentication server 20 which 
is assigned a private key and a corresponding public key by a token issuer or by a 
certification authority/key management agency 35. Col. 4, 11. 32-34. "Tokens" are 
distributed to users (i.e., clients 10) during a registration process. Each token has 
embedded therein a public key of the token issuer or certification authority. Without 
going into unnecessary detail, Appellants note that much of the disclosure of the '463 
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patent involves a detailed description of the verification/authentication schemes 
(illustrated in Figs. 3 & 4) between clients 10 and authentication server 25 using the 
tokens and the cryptography associated with the public/private keying. 

Therefore, it is clear that the 4 463 patent is totally unrelated to O/S functionality 
for controlling access to the execution of software processes via an O/S. Furthermore, 
one of ordinary skill in the art of operating systems would not look for functional 
enhancements in the field of cryptography. In fact, Appellants respectfully submit that 
such solutions are not disclosed at all in the '463 patent. Therefore, Appellants 
respectfully assert that the '463 patent is improper "nonanalogous art" that may not be 
relied upon to support a rejection under §103. Accordingly, Appellants respectfully 
request that the rejection be withdrawn and claims 1-40 be allowed. 

IL Prima Facie Case of Obviousness Not Established: No Suggestion or 
Motivation to Combine References as Suggested 

The rejection of claims 1-40 under 35 U.S.C. § 103(a) should be withdrawn 
because the Examiner has failed to establish a prima facie case of obviousness. In order 
to establish a prima facie case of obviousness by combining references, there must be 
some suggestion or motivation, either in the references themselves or in the knowledge 
generally available to one of ordinary skill, to modify the primary reference (the '462 
patent) in the manner allegedly taught by the secondary reference (the '463 patent). See 
e.g., MPEP §§2142, 2143; In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir 
1991); In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988); In re Jones, 958 
F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). Even though Appellants believe the §103 
rejection is improper because the '463 patent is unavailable "nonanalogous art " 
Appellants further submit that the Office Action fails to establish a proper motivation or 
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suggestion to modify the alleged teaching of the 6 462 patent with the alleged teaching of 
the '463 patent such as to render obvious claims 1-40. 

The Office Action rejects independent claims 1,11, and 21, as well as many 
other dependent claims, based on the same argument. Nonetheless, Appellants 
respectfully submit that the scope of these claims are not co-extensive. In the interests 
of brevity, however, Appellants address the similar rejection of all of the independent 
claims by pointing out the Examiner's failure to establish the proper suggestion or 
motivation to combine the operating system of the '462 patent with the dynamic client 
configuration functionality of the '463 patent. 

Specifically, the Office Action alleges that the '462 patent discloses all of the 
elements of independent claims 1, 1 1, and 21 except for a system call trap that modifies 
the plurality of attributes for the software process based on an executable environment 
attribute stored in association with the executable file. The Office Action alleges that 
the '463 patent teaches "the modifying of attributes associated with a process (dynamic 
configuration of the client, p6 10-24) based on an executable environment attribute 
stored in association with the executable file (service entitlement from an access control 
database, Id.)." The Office Action further argues that it would have been obvious to 
combine the teachings of the '463 patent with the '462 patent because "the 
'reconfiguration' of client attributes while maintaining the security would enable access 
to various protected applications through 'different or changing user entitlements' (Chen 
Abstract) at the same time as reducing user authentication-overhead while increasing 
flexibility for the user." 

It is well-established law that, in order to properly combine select elements from 
differing prior art sources, there must be some teaching or suggestion within the prior 
art to make the combination specifically claimed by the Appellant's invention. W. L. 
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Gore & Associates, Inc. v. Garlock Thomas, Inc., 721 F.2d 1540, 1551 (Fed. Cir. 1983). 
More significantly, 

"The consistent criteria for determination of obviousness 
is whether the prior art would have suggested to one of 
ordinary skill in the art that this [invention] should be 
carried out and would have a reasonable likelihood of 
success, viewed in light of the prior art. ..." Both the 
suggestion and the expectation of success must be 
founded in the prior art, not in the applicant's 
disclosure... In determining whether such a suggestion 
can fairly be gleaned from the prior art, the full field of 
the invention must be considered; for the person of 
ordinary skill in the art is charged with knowledge of the 
entire body of technological literature, including that 
which might lead away from the claimed invention." 

(Emphasis added.) In re Dow Chemical Company, 837 F.2d 469, 473 (Fed. Cir. 1988). 



It has often been noted that, "[h]umans must work with old elements, most if not 
all of which will normally be found somewhere in an examination of the prior art." 
Connell v. Sears, Roebuck & Co., 722 F2d 1542, 1549, 220 U.S.P.Q. 193 (Fed. Cir. 
1983). Furthermore, that features, even distinguishing features, are "disclosed" in the 
prior art is alone insufficient. It is common to find elements or features somewhere in 
the prior art. Moreover, most if not all elements perform their ordained and expected 
function. The test is whether the claimed invention as a whole, in light of all the 
teachings of the references in their entireties, would have been obvious to one of 
ordinary skill in the art at the time the invention was made. Id. 

In this regard, Appellants note that there must not only be a suggestion to 
combine the functional or operational aspects of the combined references, but that the 
Federal Circuit also requires the prior art to suggest both the combination of elements 
and the structure resulting from the combination. Stiftung v. Renishaw PLC, 945 Fed.2. 
1 173 (Fed. Cir. 1991). Therefore, in order to sustain an obviousness rejection based 
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upon a combination of any two or more prior art references, the prior art must properly 
suggest the desirability of combining the particular elements. 

Appellants respectfully submit that the purported motivation or suggestion 
provided by the Office Action is a classic example of impermissible hindsight reasoning 
based solely on Appellants' disclosure. In this regard, Appellants note that the purported 
motivation cited in the Office Action ("reducing user authentication-overhead while 
increasing flexibility for the user") is NOT in the '463 patent. The Office Action alleges 
that the suggestion or motivation to combine the references is in the Abstract of the '463 
patent. Specifically, the Office Action points to the Abstract and the recitation of the 
language "reconfiguration" and "different user entitlements" for the purported 
motivation. Appellants note that this cited language is the ONLY language, which is 
used to support the allegation of the motivation or suggestion to combine the references. 

Appellants respectfully assert that this cited language is legally insufficient to 
meet the Examiner's prima facie burden of establishing a proper motivation or 
suggestion to combine the references. In this regard, Appellants respectfully assert that 
the cited language - "reconfiguration" and "different or changing user entitlements" -- 
does not suggest the desirability of combining the trusted operating system of the '462 
patent with the user authentication process of the '463 patent. The objective of the '462 
patent is to create a trusted computer server that controls access to the execution of 
software processes called via the operating system. The '463 patent has nothing to do 
with operating system functionality. Rather, the objective of the '463 patent is to 
provide a method for authenticating a user (i.e., client computer) attempting to gain 
access to an application server 25 via a communications network 5. As mentioned 
above, the '463 patent merely suggests a user authentication scheme which employs 
public/private key cryptography for accessing the application servers. The '463 patent 
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suggests nothing about operating system functionality. At best, the '463 patent merely 
suggests the desirability of controlling user access to the application server via user 
entitlement database 30. 

Appellants note that the '463 patent does not say anything about a system call 
trap associated with an operating system kernel, which is configured to modify the 
attributes of the software process. Rather, the language "different or changing user 
entitlements" in the Abstract of the '463 patent merely refers to the functionality of 
reconfiguring the client token, after the client computer 10 has registered, with different 
user entitlements for different software applications, different systems, and/or different 
locations, col. 6 11. 1-20. In other words, the user entitlements may be reconfigured 
without the client computer 10 having to re-register. Thus, Appellants respectfully 
submit that this portion of the '463 patent cited by the Examiner does not suggest the 
desirability of modifying the trusted operating system of the '462 patent with the client 
reconfiguration functionality of the '463 patent. Accordingly, Appellants respectfully 
assert that the Office Action fails to establish a proper suggestion or motivation to 
combine the '462 patent and the '463 patent in the manner suggested. Appellants note 
that the improper combination of the '462 patent and the '463 patent is the basis for the 
rejection of all claims 1-40. Accordingly, Appellants respectfully submit that the 
rejection of claims 1-40 is improper and, therefore, the rejections must be overturned. 
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Discussion of Claim Group A 

The proposed combination of the '462 and '463 patents does not render the 
subject matter of Appellants' claims 1-10 obvious under 35 U.S.C. §103. Furthermore, 
the proposed combination of the '462 and '463 patents, in further view of the '008 
patent does not render the subject matter of Appellants' claims 3 1 -33 obvious under 35 
U.S.C. §103. The Examiner rejected claims 1-10 under 35 U.S.C. § 103(a) over the '462 
and '463 patents. The Examiner further rejected claims 31-33 under 35 U.S.C. §103(a) 
over the '462 and '463 patents in view of the '008 patent. (See Office Action, Paper 
No. 6, Page 2, Item 4 and Page 4, Item 5.) 

In rejecting Appellants' claims 1-10, and 3 1-33, the Examiner alleges that the 
'462 patent discloses all of the elements of independent claim 1 except for a system call 
trap that modifies the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file. The 
Office Action alleges that the '463 patent teaches "the modifying of attributes associated 
with a process (dynamic configuration of the client, p6 10-24) based on an executable 
environment attribute stored in association with the executable file (service entitlement 
from an access control database, Id.)." Appellants disagree. 

Even assuming for the sake of argument that there is some proper suggestion or 
motivation to modify or combine the '462 patent and the '463 patent as the Examiner 
suggests, the combination of these references fails to disclose, teach, or suggest each and 
every element of independent claim 1. For this additional reason, Appellants 
respectfully submit that the rejection of claims 1-10, and 31-33 is improper. MPEP 
§2143.03. 
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Independent claim 1 is directed to a system for establishing a secure execution 
environment for a software process executed by a program operating on a computer. 
Independent claim 1 recites "a system call trap associated with said operating system 
kernel . . . configured to modify the plurality of attributes for the software process based 
on an executable environment attribute stored in association with said executable." 

The Office Action admits that the '462 patent does not disclose this feature. 
Furthermore, contrary to the assertion in the Office Action, Appellants respectfully 
submit that this feature is NOT disclosed, taught, or suggested by the '463 patent. As 
mentioned above, the '463 patent relates to a process for authenticating users (e.g., 
clients 10) that attempt to gain access to an application server 25 over a communications 
network 5. The '463 patent suggests nothing about a system call trap associated with an 
operating system functionality. Moreover, the '463 patent suggests nothing about 
modifying the attributes for a software process to be executed based on an executable 
environment attribute stored in association with an executable file to be accessed by the 
software process. 

The Office Action alleges that this feature is taught in the Abstract of the '463 
patent by the following description: "to provide for dynamic configuration of the client 
system to provide for different or changing user entitlements." Appellants respectfully 
submit that, at best, this description merely suggests the feature of changing the 
entitlements for a given user. In other words, the user entitlement database may suggest 
multiple levels of entitlements based on different systems, different locations, and/or 
different software applications to be accessed via applications server 25. Col. 6, 11. 1-20. 
The '463 patent, however, clearly does not suggest modifying the attributes for the 
software process to be executed based on an executable environment attribute stored in 
association with an executable file to be accessed by the software process. 
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Accordingly, and for at least this additional reason, Appellants respectfully 
submit that independent claim 1 is patentable over the '462 patent and the '463 patent 
and, therefore, the rejection must be overturned. 

Dependent claims 2-10 (which depend from independent claim 1) are allowable 
as a matter of law for at least the reason that they contain all features and elements of the 
corresponding independent claim. See, e.g., In re Fine, 837 F.2d 1071 (Fed. Cir. 1988). 
Accordingly, Appellants respectfully assert that a prima facie case of obviousness has 
not been established and request that the rejection of claims 1-10 be overturned. 

Moreover, Appellants respectfully submit that the '008 patent does not disclose, 
teach, or suggest modifying the attributes for a software process to be executed based on 
an executable environment attribute stored in association with an executable file to be 
accessed by the software process. Thus, the proposed combination of the '462, '463, 
and '008 patents fails to disclose, teach, or suggest all claim elements of dependent 
claims 31-33 (which depend from claim 1). Accordingly, Appellants respectfully assert 
that a prima facie case of obviousness has not been established and the rejection of 
claims 31-33 must be overturned. 

Discussion of Claim Group B 

The proposed combination of the '462 and '463 patents does not render the 
subject matter of Appellants' claims 1 1-20 obvious under 35 U.S.C. §103. Furthermore, 
the proposed combination of the '462 and '463 patents in further view of the '008 patent 
does not render the subject matter of Appellants' claims 34-37 obvious under 35 U.S.C. 
§103. The Examiner rejected claims 1 1-20 under 35 U.S.C. § 103(a) over the '462 and 
'463 patents. The Examiner further rejected claims 34-37 under 35 U.S.C. § 103(a) over 
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the '462 and '463 patents in view of the '008 patent. (See Office Action, Paper No. 6, 
Page 2, Item 4 and Page 4, Item 5.) 

In rejecting Appellants' claims 1 1-20, and 33-37, the Examiner alleges that the 
'462 patent discloses all of the elements of independent claim 1 1 except for a system 
call trap that modifies the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file. The 
Office Action alleges that the '463 patent teaches "the modifying of attributes associated 
with a process (dynamic configuration of the client, p6 10-24) based on an executable 
environment attribute stored in association with the executable file (service entitlement 
from an access control database, Id.)." Appellants disagree. 

Even assuming for the sake of argument that there is some proper suggestion or 
motivation to modify or combine the '462 patent and the '463 patent as the Examiner 
suggests, the combination of these references fails to disclose, teach, or suggest each and 
every element of independent claim 11. For this additional reason, Appellants 
respectfully submit that the rejection of claims 1 1-20, and 34-37 is improper. MPEP 
§2143.03. 

Independent claim 1 1 is directed to a method for establishing a secure execution 
environment for a software process executed by a program operating on a computer. 
Independent claim 1 1 recites "modifying the plurality of attributes for the software 
process based on an executable environment attribute stored in association with the 
executable file." 

The Office Action admits that the '462 patent does not disclose this feature. 
Furthermore, contrary to the assertion in the Office Action, Appellants respectfully 
submit that this feature is NOT disclosed, taught, or suggested by the '463 patent. As 
mentioned above, the '463 patent relates to a process for authenticating users that (e.g., 
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clients 1 0) attempt to gain access to an application server 25 over a communications 
network 5. The '463 patent suggests nothing about a system call trap associated with an 
operating system functionality. Moreover, the '463 patent suggests nothing about 
modifying the attributes for a software process to be executed based on an executable 
environment attribute stored in association with an executable file to be accessed by the 
software process. 

The Office Action alleges that this feature is taught in the Abstract of the '463 
patent by the following description: "to provide for dynamic configuration of the client 
system to provide for different or changing user entitlements." Appellants respectfully 
submit that, at best, this description merely suggests the feature of changing the 
entitlements for a given user. In other words, the user entitlement database may suggest 
multiple levels of entitlements based on different systems, different locations, and/or 
different software applications to be accessed via applications server 25. Col. 6, 11. 1-20. 
The '463 patent, however, clearly does not suggest modifying the attributes for the 
software process to be executed based on an executable environment attribute stored in 
association with an executable file to be accessed by the software process. Accordingly, 
for at least this additional reason, the rejection of claim 1 1 must be overturned. 

Dependent claims 12-20 (which depend from independent claim 11) are 
allowable as a matter of law for at least the reason that they contain all features and 
elements of the corresponding independent claim. See, e.g., In re Fine, supra. 
Accordingly, Appellants respectfully assert that a prima facie case of obviousness has 
not been established and request that the rejection of claims 1 1-20 be overturned. 

Moreover, Appellants respectfully submit that the '008 patent does not disclose, 
teach, or suggest modifying the attributes for a software process to be executed based on 
an executable environment attribute stored in association with an executable file to be 
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accessed by the software process. Thus, the proposed combination of the '462, '463, 
and '008 patents fails to disclose, teach, or suggest all claim elements of dependent 
claims 34-37 (which depend from claim 11). Accordingly, Appellants respectfully 
assert that a prima facie case of obviousness has not been established and the rejection 
of claims 34-37 must be overturned. 

Discussion of Claim Group C 

The proposed combination of the '462 and '463 patents does not render the 
subject matter of Appellants' claims 21-30 obvious under 35 U.S.C. §103. Furthermore, 
the proposed combination of the '462 and '463 patents, in further view of the '008 
patent does not render the subject matter of Appellants' claims 38-40 obvious under 35 
U.S.C. §103. The Examiner rejected claims 21-30 under 35 U.S.C. § 103(a) over the 
'462 and '463 patents. The Examiner further rejected claims 38-40 under 35 U.S.C. 
§103(a) over the '462 and '463 patents in view of the '008 patent. (See Office Action, 
Paper No . 6, Page 2, Item 4 and Page 4, Item 5 .) 

In rejecting Appellants' claims 21-30, and 38-40, the Examiner alleges that the 
'462 patent discloses all of the elements of independent claim 21 except for a system 
call trap that modifies the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file. The 
Office Action alleges that the '463 patent teaches "the modifying of attributes associated 
with a process (dynamic configuration of the client, p6 10-24) based on an executable 
environment attribute stored in association with the executable file (service entitlement 
from an access control database, Id.)." Appellants disagree. 

Even assuming for the sake of argument that there is some proper suggestion or 
motivation to modify or combine the '462 patent and the '463 patent as the Examiner 
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suggests, the combination of these references fails to disclose, teach, or suggest each and 
every element of independent claim 21. For this additional reason, Appellants 
respectfully submit that the rejection of claims 21-30, and 38-40 is improper. MPEP 
§2143.03. 

Independent claim 21 is directed to a computer-readable medium having a 
program for establishing a secure execution environment for a software process 
executed by a program operating on a computer. Independent claim 21 recites "logic for 
modifying the plurality of attributes for the software process based on an executable 
environment attribute stored in association with the executable file." 

The Office Action admits that the '462 patent does not disclose this feature. 
Furthermore, contrary to the assertion in the Office Action, Appellants respectfully 
submit that this feature is NOT disclosed, taught, or suggested by the '463 patent. As 
mentioned above, the c 463 patent relates to a process for authenticating users that (e.g., 
clients 10) attempt to gain access to an application server 25 over a communications 
network 5. The '463 patent suggests nothing about a system call trap associated with an 
operating system functionality. Moreover, the '463 patent suggests nothing about 
modifying the attributes for a software process to be executed based on an executable 
environment attribute stored in association with an executable file to be accessed by the 
software process. 

The Office Action alleges that this feature is taught in the Abstract of the '463 
patent by the following description: "to provide for dynamic configuration of the client 
system to provide for different or changing user entitlements." Appellants respectfully 
submit that, at best, this description merely suggests the feature of changing the 
entitlements for a given user. In other words, the user entitlement database may suggest 
multiple levels of entitlements based on different systems, different locations, and/or 
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different software applications to be accessed via applications server 25. Col. 6, 
11. 1-20. The '463 patent, however, clearly does not suggest modifying the attributes for 
the software process to be executed based on an executable environment attribute stored 
in association with an executable file to be accessed by the software process. 

Consequently, the statement of the rejection fails to establish a proper prima 
facie case for obviousness of Appellant's claim 21. Accordingly, for at least this 
additional reason, the rejection must be overturned. 

Dependent claims 22-30 (which depend from independent claim 21) are 
allowable as a matter of law for at least the reason that they contain all features and 
elements of the corresponding independent claim. See, e.g., In re Fine, supra. 
Accordingly, Appellants respectfully assert that a prima facie case of obviousness has 
not been established and request that the rejection of claims 2 1 -30 be overturned. 

Moreover, Appellants respectfully submit that the '008 patent does not disclose, 
teach, or suggest modifying the attributes for a software process to be executed based on 
an executable environment attribute stored in association with an executable file to be 
accessed by the software process. Thus, the proposed combination of the '462, '463, 
and '008 patents fails to disclose, teach, or suggest all claim elements of dependent 
claims 38-40 (which depend from claim 21). Accordingly, Appellants respectfully 
assert that a prima facie case of obviousness has not been established and the rejection 
of claims 38-40 must be overturned. 
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IX. CONCLUSION 

Appellants respectfully request that the Board of Appeals overturn the 
Examiner's rejection of all pending claims 1-40 and allow these claims for the reasons 
indicated. 



Respectfully submitted, 

THOMAS, KAYDEN, HORSTEMEYER 
& RISLEY, L.L.P. 

Robert A. Blaha 
Registration No. 43,502 



THOMAS, KAYDEN, HORSTEMEYER 
& RISLEY, L.L.P. 

100 Galleria Parkway, Suite 1750 
Atlanta, Georgia 30339-5948 
(770) 933-9500 
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Claims 



1 A system for establishing a secure execution environment for a software 
process executed by a program operating on a computer, comprising: 

a software process operating on a computer, said software process including a 

plurality of attributes; 

an operating system kernel in communication with said software process and in 
communication with an executable file to be accessed by said software process; and 

a system call trap associated with said operating system kernel, said system call 
trap configured to modify the plurality of attributes for the software process based on an 
executable environment attribute stored in association with said executable file. 

2. The system of claim 1, wherein said system call trap further comprises: 
a process attribute extension; and 

an access token extension associated with said process attribute extension, said 
access token extension including said executable environment attribute. 

3 The system of claim 1 , wherein said executable environment attribute is 
contained in a database associated with said executable file. 

4. The system of claiml, wherein said executable environment attribute is 
chosen from the group consisting of user ID, group IDs and privileges. 
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5. The system of claim 1, wherein said execution environment isolates said 
software process from any other software process operating on said computer. 

6. The system of claim 1 , wherein said software process is a web server 
process. 

7. The system of claim 1 , wherein said software process is a file transfer 
process. 

8. The system of claim 1 , wherein said software process is a mail server 
process. 

9. The system of claiml, wherein said executable environment attribute is 
associated to said software process upon execution of said software process. 

10. The system of claim 1, wherein said executable environment attribute 
replaces any existing attributes associated with said software process. 
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11. A method for establishing a secure execution environment for a software 
process executed by a program operating on a computer, the method comprising: 

operating a software process on a computer, said software process including a 

plurality of attributes; 

executing an operating system kernel in communication with said software 
process, said operating system kernel in communication with an executable file to be 
accessed by said software process; and 

modifying the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file. 

12. The method of claim 1 1 , further comprising: 
executing a process attribute extension; and 

executing an access token extension associated with said process attribute 
extension, said access token extension including the executable environment attribute. 

13. The method of claim 11, wherein the executable environment attribute is 
contained in a database associated with said executable file. 

14. The method of claim 1 1, wherein said the executable environment 
attribute is chosen from the group consisting of user ID, group IDs and privileges. 

15. The method of claim 11, wherein said execution environment isolates 
said software process from any other software process operating on said computer. 



26 



In re Barber et al. 
Serial No.: 09/5 J 7, 366 

16. The method of claim 11, wherein said software process is a web server 
process. 

17. The method of claim 11, wherein said software process is a file transfer 
process. 

18. The method of claim 1 1 , wherein said software process is a mail server 
process. 

19. The method of claim 11, wherein the executable environment attribute is 
associated to said software process upon execution of said software process. 

20. The method of claim 11, wherein the executable environment attribute 
replaces any existing attributes associated with said software process. 
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21 . A computer readable medium having a program for establishing a secure 
execution environment for a software process executed by a program operating on a 
computer, the program including logic for: 

operating a software process on a computer, said software process including a 

plurality of attributes; 

executing an operating system kernel in communication with said software 
process, said operating system kernel in communication with an executable file to be _ 
accessed by said software process; and 

modifying the plurality of attributes for the software process based on an 
executable environment attribute stored in association with the executable file. 

22. The program of claim 21 , further comprising logic for: 
executing a process attribute extension; and 

executing an access token extension associated with said process attribute 
extension, said access token extension including the executable environment attribute. 

23. The program of claim 21, wherein the executable environment attribute 
! is contained in a database associated with said executable file. 



24. The program of claim 21, wherein said the executable environment 
attribute is chosen from the group consisting of user ID, group IDs and privileges. 

25. The program of claim 21, wherein said execution environment isolates 
said software process from any other software process operating on said computer. 
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26. The program of claim 2 1 , wherein said software process is a web server 
process. 

27. The program of claim 21, wherein said software process is a file transfer 
process. 

28. The program of claim 2 1 , wherein said software process is a mail server 
process. 

29. The program of claim 21 , wherein said the executable environment 
attribute is associated to said software process upon execution of said software process. 

30. The program of claim 21, wherein the executable environment attribute 
replaces any existing attributes associated with said software process. 

31. The system of claim 1, wherein the system call trap is further configured 
to determine whether the execution environment attribute contains an inherit flag. 

32. The system of claim 3 1 , wherein the system call trap is further 
configured to store a current attribute for a current process when the execution 
environment attribute contains an inherit flag. 
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33. The system of claim 32, wherein the system call trap is further 
configured to: 

determine whether the current attribute for the current process contains the 
inherit flag; 

merge the execution environment attribute with a previously stored attribute if 
the current attribute does not contain the inherit flag; and 

merge the execution environment attribute with the current attribute if the 
current attribute does contain the inherit flag. 

34. The method of claim 1 1 , further comprising determining whether the 
execution environment attribute contains an inherit flag. 

35. The method of claim 34, further comprising storing a current attribute for 
a current process when the execution attribute contains an inherit flag. 

36. The method of claim 35, further comprising: 

determining whether the current attribute for the current process contains the 
inherit flag; and 

merging the execution environment attribute with a previously stored attribute if 
the current attribute does not contain the inherit flag. 
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37. The method of claim 35, further comprising: 

determining whether the current attribute for the current process contains the 
inherit flag; and 

merging the execution environment attribute with the current attribute if the 
current attribute does contain the inherit flag. 

38. The computer readable medium of claim 21, further comprising logic for 
determining whether the execution environment attribute contains an inherit flag. 

39. The computer readable medium of claim 38, further comprising logic for 
storing a current attribute for a current process when the execution attribute contains an 
inherit flag. 

40. The computer readable medium of claim 39, further comprising logic 

for: 

determining whether the current attribute for the current process contains the 
inherit flag; 

merging the execution environment attribute with a previously stored attribute if 
the current attribute does not contain the inherit flag; and 

merging the execution environment attribute with the current attribute if the 
current attribute does contain the inherit flag. 
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